Communication apparatus, method of controlling the same, and storage medium

ABSTRACT

A communication apparatus is equipped with a direct wireless communication function for executing a direct wireless communication with an external apparatus without a relay apparatus. Executed instructions cause the information processing apparatus to perform operations includes specifying a user who logs into the communication apparatus, and executing a direct wireless communication function. An SSID of a plurality of SSIDs including at least an SSID of a first type corresponding to the user who logs into the communication apparatus and an SSID of a second type being different from the SSID of the first type is able to be used in the direct wireless communication function. In a case that the SSID of the first type is used in the direct wireless communication function, an SSID corresponding to the specified user is used in the executed direct wireless communication function.

This application is a continuation of application Ser. No. 15/944,931,filed Apr. 4, 2018, which is a continuation of application Ser. No.15/082,741, filed Mar. 28, 2016.

BACKGROUND OF THE INVENTION Field of the Invention

The present invention relates to a communication apparatus, a method ofcontrolling the same, and a storage medium.

Description of the Related Art

A printer having a wireless LAN (Local Area Network) access pointfunction of an IEEE 802.11 standard is known (for example, JapanesePatent Laid-Open No. 2006-123239). When using such a printer, it ispossible to use the printing function by directly connecting to theaccess point that the printer is equipped with from a terminal such as apersonal computer, a smart phone, or a tablet. In addition, as wirelessLAN encryption method standards, WPA (Wi-Fi Protected Access), WPA2 (WPA(Wi-Fi Protected Access 2)), and the like are known. When connecting toa wireless LAN access point in which these encryption functions areenabled, a passphrase as is known by WPA-PSK (Wi-Fi Protected AccessPre-Shared Key), WPA2-PSK (Wi-Fi Protected Access 2 Pre-Shared Key), orthe like is necessary. In addition, a terminal that uses an access pointhaving a function in which it stores in advance the passphrase and anSSID (Service Set Identifier) for when connecting to the access point,and automatically connects when it discovers an access point that itsucceeded in connecting to in the past is commonly known.

However, although a printer equipped with the above-described accesspoint can be used in a home or in an office in which there is a smallnumber of users, who are employees or the like, there are problems suchas the following in the case of use in a large scale office in whichthere are many users. For example, if the SSID and passphrase of anaccess point that a printer has are fixed, when a terminal that hasconnected to the access point discovers the access point, the terminalautomatically connects to the access point regardless of the intentionof the user of the terminal. Typically, a number of terminals that cansimultaneously connect to an access point that a printer has is small.For this reason, when there are many terminals that automaticallyconnect in an office, there is a possibility that an access point isinstantly connected to from a plurality of terminals when it activates,and a maximum number of connections that can simultaneously connect tothe access point is reached. In such a case, the terminals that connectto the access point first monopolize the access point, and a terminal ofanother user who wants to use the printer becomes unable to connect tothe access point. To avoid such a problem, frequently changing the SSIDor passphrase of the access point that the printer is equipped with canbe considered. However, with such a configuration, there is a problem inthat a user who uses the printer must change the settings of the user'sterminal each time the SSID and the passphrase of the access point arechanged, and effort for the user increases.

SUMMARY OF THE INVENTION

An aspect of the present invention is to eliminate the above-mentionedproblems with conventional technology.

A feature of the present invention is to provide a technique by which acommunication apparatus obtains an SSID corresponding to a user, andthen the communication apparatus uses the SSID to operate in a directwireless communication mode.

The present invention in its first aspect provides a communicationapparatus comprising: a wireless communication unit equipped with adirect wireless communications function configured to execute wirelesscommunication between an external apparatus and the communicationapparatus; a specifying unit configured to specify a user of thecommunication apparatus; and a generation unit configured to generate anSSID, to use in the direct wireless communications function, by using atleast user information of the user specified by the specifying unit.

The present invention in its second aspect provides a communicationapparatus comprising: a wireless communication unit equipped with adirect wireless communications function configured to execute wirelesscommunication between an external apparatus and the communicationapparatus; a storage unit configured to store an SSID, used by thedirect wireless communications function, in correspondence with userinformation of a user; a specifying unit configured to specify a user ofthe communication apparatus; and a selection unit configured to select,from a plurality of SSIDs stored in the storage unit, an SSID thatcorresponds to user information of the user specified by the specifyingunit, wherein the wireless communication unit uses the SSID selected bythe selection unit to execute the direct wireless communicationsfunction.

Further features of the present invention will become apparent from thefollowing description of exemplary embodiments with reference to theattached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of the specification, illustrate embodiments of the invention and,together with the description, serve to explain the principles of theinvention.

FIG. 1 depicts a schematic view illustrating a configuration of aprinting system according to a first embodiment of the presentinvention.

FIG. 2 is a block diagram for explaining a hardware configuration of amobile terminal and an MFP according to the first embodiment.

FIG. 3A is a block diagram for describing a software configuration ofthe MFP according to the first embodiment and a data region in whichsoftware is managed.

FIG. 3B is a block diagram for describing a software configuration of amobile terminal according to the first embodiment and a data region inwhich software is managed.

FIG. 4 depicts a view illustrating an example of screen transitions anduser interfaces displayed on a console unit of the MFP according to thefirst embodiment.

FIG. 5 depicts a view illustrating an example of user interfacesdisplayed on an operation unit of the mobile terminal according to thefirst embodiment.

FIG. 6 is a flowchart for describing processing for activation of anaccess point by the MFP according to the first embodiment.

FIG. 7 depicts a view for explaining an algorithm by which an SSID and apassphrase are generated by the MFP according to the first embodimentfrom information of a user who has logged-in.

FIG. 8 is a block diagram for describing a software configuration of theMFP according to a second embodiment and a data region in which softwareis managed.

FIG. 9 depicts a view illustrating an example of user interfacesprovided by a mobile connection corresponding to editing or deleting anSSID, in the second embodiment.

FIG. 10 is a flowchart for describing processing for activation of anaccess point by the MFP according to a second embodiment.

DESCRIPTION OF THE EMBODIMENTS

Embodiments of the present invention will be described hereinafter indetail, with reference to the accompanying drawings. It is to beunderstood that the following embodiments are not intended to limit theclaims of the present invention, and that not all of the combinations ofthe aspects that are described according to the following embodimentsare necessarily required with respect to the means to solve the problemsaccording to the present invention.

First Embodiment

FIG. 1 depicts a schematic view illustrating a configuration of aprinting system according to a first embodiment of the presentinvention. In an environment in the first embodiment, a plurality ofmulti-function peripherals (MFP: Multi-Function Peripheral) and aplurality of mobile terminals are present. For example, an officeenvironment in which each user has one mobile terminal and normallywalks around holding the mobile terminal is envisioned. A plurality ofMFPs are installed in accordance with the office environment. Here,explanation is given of a multi-function peripheral (MFP) as an exampleof one aspect of a communication apparatus and a printing apparatus ofthe present invention.

An MFP 100 and a mobile terminal 101 in FIG. 1 are representativeexamples of the plural MFPs and mobile terminals. The MFP 100 isequipped with a wireless LAN access point function, and can connect toand perform direct communication with the mobile terminal 101, which isconnected to the access point.

FIG. 2 is a block diagram for explaining hardware configurations of theMFP 100 and the mobile terminal 101 according to the first embodiment.

Firstly, explanation is given of a hardware configuration of the MFP100.

A CPU 201 controls operation of the MFP 100 on the whole. The CPU 201performs various control, such as reading control or transmissioncontrol, by reading a control program that is stored in a ROM 202 or anHDD (hard disk drive) 204, deploying it into a RAM 203, and thenexecuting the deployed program. The RAM 203 is a volatile memory thatthe CPU 201 uses, for example as a work area for executing variousprograms. The HDD 204 stores image data, various programs, or the like.A console unit 205 is equipped with a hard key, a display unit that hasa function of a touch panel that is operable by a user's finger, or thelike. A printer 206 prints an image on a print paper (a sheet) based onimage data transferred via an internal bus. A scanner 207 generatesimage data by reading an image of an original. An IC card reader 208reads an IC card that is used in authentication of a user. A wired LANinterface 209 is an NIC (Network Interface Card) for connecting to awired LAN. A wireless LAN interface 210 is an access point forconnecting to the MFP 100 from a terminal corresponding to a wirelessLAN. These are mutually connected via an internal bus.

Next, explanation is given of a hardware configuration of the mobileterminal 101.

A CPU 211 controls operation of the mobile terminal 101 on the whole. ARAM 212 is a volatile memory that the CPU 211 uses, for example as awork area for executing various programs. A flash memory 213 is anon-volatile memory that stores various programs or data. A wireless LANinterface 214 is an interface for communicating by a wireless LAN, andcan perform a wireless communication by connecting to a wireless LANaccess point. In the first embodiment, the wireless LAN interface 214 isused to mutually communicate with the MFP 100 after connecting to thewireless LAN interface 210 that the MFP 100 is provided with. Anoperation unit 215 is a display that operates as a touch panel that isoperable by a user's finger. A speaker 216 converts an electrical signalinto a sound. A microphone 217 detects a sound and converts it into anelectrical signal. A camera unit 218 captures a still image or a movingimage, and converts it into electronic data.

Next, referring to FIG. 3, explanation is given of a softwareconfiguration of the mobile terminal 101 and the MFP 100 according tothe first embodiment.

FIG. 3A is a block diagram for explaining a software configuration ofthe MFP 100 according to the first embodiment and a data region in whichsoftware is managed. Note, a function of software illustrated in FIG. 3Ais realized by the CPU 201 executing a program deployed into the RAM203.

FIG. 4 depicts a view illustrating an example of screen transitions anduser interfaces displayed on the console unit 205 of the MFP 100according to the first embodiment. Below, explanation is given withreference to FIG. 3A and FIG. 4.

A platform 301 is a platform that provides a basic function of softwarethat controls the MFP 100. The platform 301 can be configured in a formthat includes, for example, a device driver group, an OSGi framework, aJAVA (registered trademark) virtual machine, and operating system suchas Linux or the like. The OSGi framework is a Java-based serviceplatform defined by the OSGi Alliance (a standardization body). Theplatform 301 is equipped with a device driver group for controllingvarious hardware, and provides APIs (Application Programming Interface)for using the hardware to applications that operate on the platform. Theplatform 301 is equipped with a wireless LAN control module 302.

The wireless LAN control module 302 is equipped with a software accesspoint mode in which the wireless LAN interface 210 is activated as awireless LAN access point. It is also provided with a DHCP (Dynamic HostConfiguration Protocol) function that allocates an IP address to amobile terminal when the mobile terminal connects to the access pointwhich is activated in the software access point mode. In addition, thewireless LAN control module 302 provides an application with an API thatperforms software access point mode activation/stopping control, andread/writes a passphrase or SSID (identification information) for theaccess point. Although it is not shown graphically, a printer modulethat controls the printer 206, and a scanner module that controls thescanner 207 are also present in the platform 301. In addition, theplatform 301 provides an application with an API for reading/writingdata of an MFP setting database 310 or the like.

Additionally, the above software access point mode is an example of adirect wireless communication mode in which the MFP 100 can operate andin which direct wireless communication with an external apparatus (forexample, the mobile terminal 101) is executed without going through anaccess point. The direct wireless communication mode is not limited tothe software access point mode, and may be of another wirelesscommunication method, such as Wi-Fi Direct. When the MFP 100 operates inthe direct wireless communication mode, the MFP 100 behaves as an accesspoint.

A copy 303, a scan 304, a print 305, and a mobile connection 306 areexamples of applications that operate on the platform 301. Theseapplications display a user interface for providing functions of eachkind of application on the console unit 205. For example, the copy 303provides a function that controls the scanner 207 and the printer 206via the platform 301 to execute a copy. The scan 304 provides a functionthat operates the scanner 207, and transmits obtained electronic dataexternally or stores it to the HDD 204. The print 305 provides afunction that displays a print history or an execution status of a printjob received from the external unit.

The mobile connection 306 provides a user interface (connecting mobiledevice screen 403 of FIG. 4) for using the wireless LAN interface 210 inthe access point mode. A user can activate a wireless LAN access pointin an ad hoc manner by pressing an activate access point button 413 ofthe connecting mobile device screen 403. At this point, an SSID and apassphrase of a usable access point are displayed on an area 415 of theconnecting mobile device screen 403. For example, a user of the mobileterminal 101 can use the MFP 100 from the mobile terminal by using theSSID and passphrase of the access point that are displayed in the area415 to wirelessly connect the mobile terminal 101 to the wireless LANinterface 210 which is operating in access point mode. If usage of thewireless LAN has ended, a user presses a stop access point button 414 tostop the wireless LAN access point. Thereby the wireless connection withthe mobile terminal 101 can be terminated.

MFP settings 307 provides an MFP settings screen 404 (FIG. 4) for anadministrator of the MFP 100 to perform setting of the MFP 100. A menu308 is a module that displays a menu screen 402 (FIG. 4) for selecting apreviously explained application from the console unit 205. For example,the menu screen 402 is equipped with an MFP settings button 411 and thelike for displaying a screen for setting the MFP 101 and buttons 407-410that display functions that various applications provide. A loginservice 309 is provided with a login function and an account managementfunction for a user that uses the MFP 100. The MFP setting database 310is a database that comprehensively manages settings of the MFP 100 andan application.

It is possible to perform the following settings via the setting screen404 for the MFP 100 according to the first embodiment. A value set inthe setting screen 404 of the MFP 100 is stored in the MFP settingdatabase 310.

ON/OFF of the login function (reference numeral 416 of the MFP settingsscreen 404 of FIG. 4)

If the login function is set to OFF, the menu screen 402 is displayedwithout a user performing a login operation, and it is possible to use afunction selected in the menu screen.

If the login function is set to ON, the login service 309 displays alogin screen 401 (FIG. 4) on the console unit 205. Thus, afterperforming a login operation via the login screen 401, a user can usethe menu screen 402 and a function selected from the menu screen 402.

Setting a default SSID and passphrase of an access point (referencenumeral 417 of the MFP settings screen 404 of FIG. 4)

A fixed SSID and passphrase are set for the MFP 100.

Usage setting of a one-time SSID (reference numeral 418 of the MFPsettings screen 404 of FIG. 4)

When this setting is ON, a function that activates the access point witha different SSID each time is activated.

Usage setting of an SSID for each individual person (reference numeral419 of the MFP settings screen 404 of FIG. 4)

When this setting is ON, a function that, in cooperation with the loginfunction, activates the access point with a different SSID for each useris activated.

The login service 309 is provided with a login function and a useraccount management function explained below.

The user account management function provides a user interface toperform registration and management of a user account to a user, anduser information registered via this user interface is stored in a userdatabase 312 and managed. Here the user information that is managedincludes a user name, a password, an IC card number, a role, and thelike as illustrated in the list of user information of Table 1, forexample.

TABLE 1 User name Password IC card number Role Administrator password001a1b2c3d4e5f6g0 Administrator Guest Guest Alice password101a1b2c3d4e5f6g1 Administrator Bob password2 01a1b2c3d4e5f6g2 Generaluser Carol password3 01a1b2c3d4e5f6g3 General user Dave password401a1b2c3d4e5f6g4 General user

The login function provides a login/logout function to a user who usesthe console unit 205. Configuration is taken so that the login screen401 is displayed on the console unit 205, and a user who has notlogged-in cannot use the console unit 205. Note that configuration istaken at this point so that a number of users who can simultaneouslylogin to the console unit 205 is set to “1”, and that a plurality ofusers cannot simultaneously login to the console unit 205. If a user hassucceeded in logging in, the display of the console unit 205 is causedto transition from the login screen 401 to the menu screen 402, and astate in which the user can use the MFP 100 is entered. Note that,multiple login schemes exist as schemes for performing this login. Forexample, a login scheme such as below is provided.

Keyboard Log in

A software keyboard is displayed on the login screen 401 of the consoleunit 205, and when a press of a login button 405 is detected, an inputuser name (account) and password are obtained to perform userauthentication to perform login processing.

IC Card Log in

Login processing is performed by obtaining an IC card number from an ICcard that was held up to the IC card reader 208, and identifying a user.

Ordinarily a login service authenticates a user by verifying whether auser name and password, or an IC card number, which are obtained by thekeyboard login or the IC card login, match something that is registeredin the user database 312. In addition, the login service may collaboratewith a server for user authentication that is connected by a wired LAN.In such a case, the login service performs user authentication byverifying whether the obtained user name and password, or IC card numbermatch something that is registered in the server. Using an LDAP(Lightweight Directory Access Protocol) server, Windows (trademark)Active Directory (trademark), an independent server, or the like can beconsidered for a server for user authentication.

In addition, the login service in the first embodiment is equipped witha guest login function. The guest login function, for example, displaysa guest login button 406 on the login screen 401. When a press of theguest login button 406 is detected, a state in which a user can use theMFP 100 is entered, without performing authentication of the user. Notethat configuration may be taken to have a portion of the functions ofthe MFP 100 become unusable when a guest has logged in. For example, theMFP settings button 411 is disabled so that a guest cannot perform asetting modification of the MFP 100. In addition, configuration may betaken to disable, for example, the print button 409 or the copy button407 when letting a guest use print paper is not desired.

When a user logs in, the login service 309 generates an object thatrecords information of the logged-in user, and stores it in the RAM 203.An object that records information of the logged-in user is referred toas a login context 311 below. An example of information recorded in thelogin context 311 is illustrated in Table 2 below.

TABLE 2 Item Value User name Alice Domain name localhost Role Generaluser

A region to record a domain name is provided in the login context 311,and configuration is taken such that it is possible to distinguish, asseparate accounts, a user account registered in the user database 312,and a user account managed by the server for user authentication. Forexample, if a user (Alice) who is registered in the user database 312logs in, a character string “localhost” is recorded in the region thatrecords the domain name. Alternatively, if logging in with a useraccount managed by the server for user authentication, the domain nameor the server name is recorded as a character string in the region thatrecords the domain name. An example of information recorded in the logincontext 311 when logging in with a user account that is managed by aserver is illustrated in Table 3 below. Table 3, for example indicates acase in which a user (Alice) who is registered in the user database 312has logged-in with a user account that is managed by a server, and adomain name (DomainA) is recorded in the region that records the domainname.

TABLE 3 Item Value User name Alice Domain name DornainA Role Generaluser

In addition, Table 4 illustrates an example of information recorded inthe login context 311 at a time of a guest login.

Here the user name is set to “Alice”, the domain name is set to“localhost”, and the role is set to “guest”.

TABLE 4 Item Value User name Alice Domain name localhost Role guest

When a press of a logout button 412 of a screen displayed on the consoleunit 205 illustrated in FIG. 4 is detected, the information recorded inthe login context 311 is deleted, and display of the login screen 401 isreturned to again.

FIG. 3B is a block diagram for describing a software configuration ofthe mobile terminal 101 according to the first embodiment and a dataregion in which software is managed. FIG. 5 depicts a view illustratingan example of user interfaces displayed on the operation unit 215 of themobile terminal 101 according to the first embodiment. Below,explanation is given with reference to FIG. 3B and FIG. 5. Note, afunction of software illustrated in FIG. 3B is realized by the CPU 211executing a program deployed into the RAM 212.

Wireless LAN information 315 indicates a data region of data thatsoftware records in the flash memory 213 and manages. A platform 313 canbe configured by a platform of Google Inc.'s Android (trademark) orApple Inc.'s iOS (trademark), for example. The platform 313 is equippedwith a device driver group for controlling various hardware, andprovides APIs for using the various hardware to applications thatoperate on the platform 313. The platform 313 is equipped with awireless LAN control module 314. The wireless LAN control module 314 issoftware that controls the wireless LAN interface 214. A wireless LANsetting screen 501 of FIG. 5 illustrates an example of a wireless LANsetting screen that the platform 313 displays on the operation unit 215.For example, it displays, in a list 502, wireless LAN access point SSIDsthat the wireless LAN control module 314 has found by searching. A userselects any access point from the list 502, inputs a passphrase of theaccess point in an area 503, and then presses a connection button 504.In this way, when a connection succeeds, the platform 313 records theSSID and the passphrase in the wireless LAN information 315. When thewireless LAN function of the mobile terminal 101 is enabled and it isnot connected to a wireless LAN, the platform 313 automatically searchesfor a wireless LAN access point to which there was a connection in thepast. It is equipped with a function that attempts to connect by an SSIDand a passphrase recorded in the wireless LAN information 315.

The mobile terminal 101 can install and cause to operate on the platform313 various applications. In the first embodiment, an MFP connectionapplication 316 is installed in advance. A user interface screen 505 ofFIG. 5 illustrates an example of a user interface screen that the MFPconnection application 316 displays on the operation unit 215. Forexample, the MFP connection application 316, after connecting to the MFP100 by a wireless LAN, can use a function of the printer 206 or thescanner 207 of the MFP 100 via the wireless LAN. For example, it ispossible to instruct printing to the MFP 100 by a user touching a printbutton in the screen 505.

FIG. 6 is a flowchart for describing processing for activation of anaccess point by the MFP 100 according to the first embodiment. Note thata program that executes this processing is stored in the ROM 202 or theHDD 204, and at a time of execution, is deployed to the RAM 203, andexecuted under the control of the CPU 201. In addition, the performer ofthe software that executes this flowchart is the wireless LAN controlmodule 302, which is illustrated in the software configuration of FIG.3A.

In this processing, when a user presses the activate access point button413 in the connecting mobile device screen 403, the mobile connection306 requests the wireless LAN control module 302 to activate an accesspoint. In this way the processing is started in step S601 by thewireless LAN control module 302 accepting an activation request for theaccess point. Note that, configuration may be taken such that, when theaccess point is already activated, the processing is started afterstopping the currently activated access point.

Next, the processing proceeds to step S602 and the CPU 201 refers to theMFP setting database 310, and obtains the “SSID usage setting for eachindividual person” 419, which is set via the setting screen 404 of theMFP. The processing proceeds to step S603, and the CPU 201 determineswhether or not the setting 419 obtained in step S602 is ON. Here, if the“SSID usage setting for each individual person” is ON, in other words ifit is set so as to cooperate with the user login function to activatethe access point with a different SSID for each user, the processingproceeds to step S604. In step S604 the CPU 201 refers to the logincontext 311, and attempts to obtain logged-in user information. Theprocessing proceeds to step S605, and the CPU 201 determines whether ornot information of a logged-in user could be obtained. If obtainment ofinformation of a logged-in user other than a guest succeeded, theprocessing proceeds to step S606, and the CPU 201 generates an exclusiveSSID and passphrase for the obtained user. Note that, to generate anexclusive SSID and passphrase for the logged-in user at this point,configuration may be taken to employ an algorithm such that the sameSSID and passphrase are always generated if the obtained userinformation is the same. A method that always generates the same SSIDand passphrase for each individual person from the user information isexplained later. The processing proceeds to step S607, and the CPU 201activates the access point by the generated or obtained SSID andpassphrase. The processing proceeds to step S608, and the CPU 201terminates the activation processing for the access point.

Meanwhile, if it is determined that the “SSID usage setting for eachindividual person” 419 is OFF in step S603, or if the logged-in userinformation indicates a guest in step S605, or if logged-in userinformation could not be obtained, the processing proceeds to step S609.In step S609, the CPU 201 refers to the MFP setting database 310, andobtains the “one-time SSID usage setting” 418. Next the processingproceeds to step S610, and the CPU 201 determines whether or not theobtained setting 418 is ON. Here, if the CPU 201 determines that the“one-time SSID usage setting” 418 is ON, in other words that it is asetting for activating an access point with a different SSID each time,the processing proceeds to step S611. In step S611 the CPU 201 uses arandom number generator to generate, each time, a random SSID andpassphrase as a one-time SSID and passphrase. Then the processingproceeds to step S612, and the CPU 201 activates the access point withthe generated one-time SSID and passphrase. Then, the processingproceeds to step S608, and the activation processing for the accesspoint is terminated.

If in step S610 the CPU 201 determines that the “one-time SSID usagesetting” 418 is OFF, the processing proceeds to step S613, and the CPU201 refers to the MFP setting database 310, and obtains a default SSIDand passphrase. Next, the processing proceeds to step S614, and the CPU201 activates the access point by the default SSID and passphrase. Then,the processing proceeds to step S608, and the activation processing forthe access point is terminated. Note that the SSID and passphrase of theactivated access point may be displayed on the connecting mobile devicescreen 403 of FIG. 4.

However, control is performed so as to not display the SSID andpassphrase for a user on the connecting mobile device screen 403, evenif an access point is activated, if a guest or another person haslogged-in, or if the login function is changed to OFF so that theycannot be viewed by another person.

Note that, in the above-described flowchart, configuration may be takento proceed to step S609 if the logged-in user information obtained instep S604 indicates a guest. However, when treating a guest account thesame as a normal account, configuration may be taken such that theprocessing proceeds to step S606, and an exclusive SSID and passphrasefor a guest are generated or obtained.

In addition, if a login function setting 416 of the MFP 100 is OFF,because obtaining logged-in user information is determined to havefailed in step S605, even if the SSID usage setting for each individualperson 419 is ON, SSID for each individual person will not be used.

FIG. 7 depicts a view for explaining an algorithm by which the same SSIDand passphrase are generated when information of a logged-in user is thesame as information of a user who was logged-in previously in the MFP100 according to the first embodiment. Note that the followingexplanation is only an example, and an approach to generation is notlimited to this.

If a user name and a domain name are used for an SSID for example, it ispossible to generate an SSID that is easy to understand for a user. Forexample, reference number 701 illustrates an example of generating anSSID as one character string by adding a fixed connection symbol (-) toa user name and a domain name, and adding suffix letters (-AP).

When desiring to have the user-exclusive passphrase, or both of the SSIDand the passphrase, be something confidential so that guessing byanother person is not possible, a method such as the following may beconsidered. For example, as illustrated by reference numeral 702 orreference numeral 703 of FIG. 7, a character string that includes a username and a domain name is set as a message 710 and a value unique to theMFP is set as a key 711, and an HMAC (Hash-based Message AuthenticationCode) algorithm known by RFC 2104 is used to calculate MAC (MessageAuthentication Codes) values 712 and 713. Next, these MAC values areconverted to character strings, and used as the SSID and the passphrase.In the example of reference numeral 702, a case in which an HMAC is usedto generate only a passphrase 716 is illustrated. Also, in the exampleof reference numeral 703, an example of a case in which an HMAC is usedto generate both an SSID 714 and a passphrase 715 is illustrated. In theexample of reference numeral 703, a long string 717 is generated, afront part of the string is set as the SSID 714, and a rear part of thestring is set as the passphrase 715.

In addition, configuration may be taken such that, if there are aplurality of the MFPs according to the first embodiment in the sameoffice, key information used for HMAC is shared by the plurality ofMFPs, and if the user information is the same, the same SSID andpassphrase are generated. Thus, when the same SSID and passphrase can beused in a plurality of MFPs, it is possible to reduce a burden of a userin registering, in the mobile terminal 101, SSIDs and passphrases thatare different for each MFP. In addition, if a user cannot simultaneouslyuse a plurality of MFPs, no problem occurs because there is no case ofaccess points having the same SSID and passphrase simultaneouslyactivating in the plurality of MFPs.

By the first embodiment, as explained above, in a case where a user logsin to an MFP and activates an access point, it is possible to activatethe access point by an SSID and passphrase that are exclusive to thelogged-in user. At this point, because the SSID and passphrase that areexclusive to the user do not change when the access point activates orstops, it is always possible to use the same SSID and passphrase if theuser is the same. Thereby, because registration of an SSID and apassphrase to the mobile terminal need only be performed once, it ispossible to reduce effort for a user.

In addition, by configuring so that the SSID and passphrase that areexclusive to the user are not known by another person, a user who logsin to an MFP and activates an access point will not have the accesspoint used by another person. With this, a user can temporarilymonopolize an access point that the MFP has activated.

Furthermore, by using this function together with a function thatautomatically connects to an access point to which the mobile terminalconnected in the past, it is possible to achieve a further effect. Inother words, upon a user of a mobile terminal first registering andstoring in the mobile terminal an SSID and passphrase exclusive to theuser, the user can connect the mobile terminal and an MFP by justlogging in to the MFP and activating the access point from the next timeon.

In addition, even if the login function of the MFP is ON, there arecases in which a guest uses the MFP without performing userauthentication. For this reason, configuration is taken to provide atemporary SSID and passphrase when a guest uses the access point of theMFP. Thus, even for a guest it is possible to monopolize an access pointthat an MFP has temporarily activated, without the access point beingused by another person.

In addition, there are users who feel that setting the login function ofan MFP to be always ON is cumbersome. For this reason, configuration istaken so that, when the login function is OFF, it is possible to use theaccess point of the MFP with a default SSID or a temporary SSID.

In addition, there are cases in which, when a number of terminals thatactually use the access point of the MFP is less than the maximum numberof terminals that can simultaneously connect, SSID for each individualperson is not used, and the access point of the MFP may always beactivated by a default SSID and passphrase. For this reason,configuration is taken such that it is possible to set the usage settingof SSIDs for each individual person to OFF.

Second Embodiment

Next, a second embodiment of the present invention is explained. Thesecond embodiment is explained with a configuration that records, andmanages, an SSID for each individual person in the HDD 204 of the MFP100. Note that, because the hardware configuration, printing system'sconfiguration, and the like of the mobile terminal 101 and the MFP 100according to the second embodiment are the same as those of thepreviously described first embodiment, explanation thereof is omitted.

FIG. 8 is a block diagram for describing a software configuration of theMFP 100 according to the second embodiment and a data region in whichsoftware is managed. Also, portions in common with FIG. 3A of thepreviously described first embodiment are indicated by the samereference numerals, and explanation thereof is omitted.

Here, the platform 301 records and manages SSIDs for each individualperson in an SSID management table 801 of the HDD 204. For example theSSID management table 801, as illustrated in Table 5 below, stores anSSID and passphrase in association with information that specifies auser uniquely (user name and domain name).

TABLE 5 User Domain name name SSID Passphrase Alice localhost Alice-APXHIQo1IyS144q2D18Cz8xQ Bob localhost Bob-Ap FPkxZggmzC/+00LoTUVSSg Carollocalhost Carol-AP Astpr0h/Y3XOIuOixRQriw Dave localhost Dave-APEtCQweUnrw55NNI/P+wXvA

FIG. 9 depicts a view illustrating an example of user interfacesprovided by the mobile connection 306 that correspond to editing ordeleting an SSID, in the second embodiment. Note that, in FIG. 9, aportion in common with FIG. 4 has the same reference numeral added.

The mobile connection 306 refers to the login context 311 to specify alogged-in user, and furthermore obtains, from the SSID management table801, an SSID and passphrase associated with the logged-in user, anddisplays them on the area 415.

In FIG. 9, the connecting mobile device screen 403 displays the accesspoint information on the area 415, similarly to the previously explainedFIG. 4. If there is no information of an SSID and passphrase associatedwith the logged-in user in the SSID management table 801, the area 415is displayed as blank. Upon detection of a press of an edit button 901of the connecting mobile device screen 403, the mobile connection 306displays an editing screen 903 for editing the SSID and passphrasedisplayed in the area 415. A user can register a new SSID and passphraseby inputting the new SSID and passphrase in an area 904 of the editingscreen 903 and then pressing an update button 905. At this point, themobile connection 306 obtains the SSID and passphrase that have beennewly input in the area 904, and registers them in or updates the SSIDmanagement table 801. In this way, it is possible to generate a new SSIDby concatenating a predetermined character string to user identificationinformation.

In addition, the connecting mobile device screen 403 is provided with adelete button 902. Upon detecting a press of the delete button 902 forthe connecting mobile device screen 403, the mobile connection 306deletes, from the SSID management table 801, information of the SSID andpassphrase that are associated with the logged-in user.

FIG. 10 is a flowchart for describing processing for activation of anaccess point by the MFP 100 according to the second embodiment. Notethat a program that executes this processing is stored in the ROM 202 orthe HDD 204, and at a time of execution, is deployed to the RAM 203, andexecuted under the control of the CPU 201. In addition, the performer ofthe software that executes this flowchart is the wireless LAN controlmodule 302, which is illustrated in the software configuration of FIG.8. Also, in FIG. 10, portions in common with the flowchart of FIG. 6 inaccordance with the previously described first embodiment areillustrated by the same reference numerals.

In step S605, the CPU 201 determines whether or not it was possible toobtain information of a logged-in user from the login context 311. Upondetermining that it is possible to obtain information of the logged-inuser, the processing proceeds to step S1001, the CPU 201 refers to theSSID management table 801, and attempts to obtain an SSID and passphraseassociated with the information of the logged-in user. The processingproceeds to step S1002, and the CPU 201 determines whether or not itsucceeded in obtaining the SSID and the passphrase. Upon determined thatobtainment failed here, the processing proceeds to step S1003, and asexplained with reference to FIG. 7, the CPU 201 uses the information ofthe logged-in user to newly generate an SSID and passphrase. These arestored in the SSID management table 801 in association with informationof the logged-in user, and the processing proceeds to step S1004. Instep S1004, the CPU 201 uses the SSID and passphrase generated in stepS1003 to activate the access point to complete the access pointactivation processing.

Meanwhile, if in step S1002 the CPU 201 succeeded in obtaining the SSIDand the passphrase, the processing proceeds to step S1004. In stepS1004, the CPU 201 uses the SSID and passphrase obtained from the SSIDmanagement table 801 to activate the access point to complete the accesspoint activation processing.

According to the second embodiment, as explained above, if an SSID andpassphrase are not stored in the SSID management table 801, an SSID andpassphrase are newly generated, stored in the SSID management table 801,and that are used to activate the access point. However, if there are anSSID and passphrase that are already stored, they are used to activatethe access point. Thereby, it is possible to reduce a burden on a CPU inaccordance with generation of the SSID and passphrase.

In addition, by allowing a user to edit their own SSID and passphrase,the user can freely set a desired SSID and passphrase, and MFPconvenience increases. In addition, even if an SSID and passphrases foreach individual person are leaked to another person, because a user canchange or delete the SSID and passphrase at any timing, it is possibleto maintain security of the MFP.

OTHER EMBODIMENTS

Embodiments of the present invention can also be realized by a computerof a system or apparatus that reads out and executes computer executableinstructions (e.g., one or more programs) recorded on a storage medium(which may also be referred to more fully as a ‘non-transitorycomputer-readable storage medium’) to perform the functions of one ormore of the above-described embodiments and/or that includes one or morecircuits (e.g., application specific integrated circuit (ASIC)) forperforming the functions of one or more of the above-describedembodiments, and by a method performed by the computer of the system orapparatus by, for example, reading out and executing the computerexecutable instructions from the storage medium to perform the functionsof one or more of the above-described embodiments and/or controlling theone or more circuits to perform the functions of one or more of theabove-described embodiments. The computer may comprise one or moreprocessors (e.g., central processing unit (CPU), micro processing unit(MPU)) and may include a network of separate computers or separateprocessors to read out and execute the computer executable instructions.The computer executable instructions may be provided to the computer,for example, from a network or the storage medium. The storage mediummay include, for example, one or more of a hard disk, a random-accessmemory (RAM), a read only memory (ROM), a storage of distributedcomputing systems, an optical disk (such as a compact disc (CD), digitalversatile disc (DVD), or Blu-ray Disc (BD)™), a flash memory device, amemory card, and the like.

While the present invention has been described with reference toexemplary embodiments, it is to be understood that the invention is notlimited to the disclosed exemplary embodiments. The scope of thefollowing claims is to be accorded the broadest interpretation so as toencompass all such modifications and equivalent structures andfunctions.

This application claims the benefit of Japanese Patent Application No.2015-81232, filed Apr. 10, 2015, which is hereby incorporated byreference herein in its entirety.

What is claimed is:
 1. A communication apparatus equipped with a directwireless communication function for executing a direct wirelesscommunication with an external apparatus without a relay apparatus, thecommunication apparatus comprising: at least one memory that stores aset of instructions; and at least one processor that executes theinstructions, the instructions, when executed, causing the informationprocessing apparatus to perform operations comprising: specifying a userwho logs into the communication apparatus; and executing a directwireless communication function, wherein an SSID of a plurality of SSIDsincluding at least an SSID of a first type corresponding to the user whologs into the communication apparatus and an SSID of a second type beingdifferent from the SSID of the first type is able to be used in thedirect wireless communication function, wherein in a case that it is setto use the SSID of the first type, an SSID corresponding to thespecified user is used in the executed direct wireless communicationfunction.
 2. A method of controlling a communication apparatus equippedwith a direct wireless communication function that executes a directwireless communication with an external apparatus without a relayapparatus, the method comprising: specifying a user who logs into thecommunication apparatus; and executing a direct wireless communicationfunction, wherein an SSID of a plurality of SSIDs including at least anSSID of a first type corresponding to the user who logs into thecommunication apparatus and an SSID of a second type being differentfrom the SSID of the first type is able to be used in the directwireless communication function, wherein in a case that it is set to usethe SSID of the first type, an SSID corresponding to the specified useris used in the executed direct wireless communication function.
 3. Themethod according to claim 2, wherein in a case that the direct wirelesscommunication function is executed using the SSID of the first type, thecommunication apparatus functions as an access point that is identifiedby the external apparatus with the SSID corresponding to the specifieduser.
 4. The method according to claim 3, wherein in a case that thedirect wireless communication function is executed using the SSID of thefirst type, a passphrase corresponding to the specified user is set tothe access point.
 5. The method according to claim 2, furthercomprising: generating the SSID corresponding to the specified userusing at least user information of the specified user.
 6. The methodaccording to claim 5, wherein the SSID corresponding to the specifieduser is generated by combining user information of the specified userwith a predetermined character string.
 7. The method according to claim2, wherein the direct wireless communication function is a function inwhich the communication apparatus operates as an access point.
 8. Themethod according to claim 2, wherein the direct wireless communicationfunction is Wi-Fi Direct®.
 9. The method according to claim 2, whereinthe communication apparatus is a printing apparatus that can executeprinting.
 10. The method according to claim 2, wherein the SSID of thesecond type is an SSID that is obtained from information other than userinformation of the specified user.
 11. The method according to claim 2,wherein the SSID of the second type is one-time SSID.
 12. The methodaccording to claim 11, wherein the one-time SSID is an SSID of one timeperiod used between a start and an end of the direct wirelesscommunication and includes character string generated based on anacceptance of an instruction for instructing to execute the directwireless communication function.
 13. The method according to claim 12,wherein the one-time SSID includes a random character string generatedbased on the acceptance of the instruction.
 14. The method according toclaim 11, wherein in a case that the one time SSID is used in the directwireless communication function, an SSID that is different from aprevious SSID which is generated previously is used in the executeddirect wireless communication function.
 15. The method according toclaim 11, wherein the plurality of SSIDs further include an SSID of athird type, wherein in a case that it is set to use the SSID of thethird type, a default SSID that is stored as an operation setting forthe direct wireless communication is used in the executed directwireless communication function.
 16. The method according to claim 15,the method further comprising: changing the stored default SSID inaccordance with a user operation.
 17. A non-transitory computer-readablestorage medium storing a program for causing a processor to execute amethod of controlling a communication apparatus equipped with a directwireless communication function that executes a direct wirelesscommunication with an external apparatus without a relay apparatus, themethod comprising: specifying a user who logs into the communicationapparatus; and executing a direct wireless communication function,wherein an SSID of a plurality of SSIDs including at least an SSID of afirst type corresponding to the user who logs into the communicationapparatus and an SSID of a second type being different from the SSID ofthe first type is able to be used in the direct wireless communicationfunction, wherein in a case that it is set to use the SSID of the firsttype, an SSID corresponding to the specified user is used in theexecuted direct wireless communication function.